365 Technologies: Blog

Gift card scam uses boss’ email address

Gift Card Scam

Sometimes it’s good to question the boss.

If you get an email from your boss asking you to purchase gift cards, you may really be communicating with scammers.

For the past six months or so, there’s been an email scam from “bosses” requesting that you purchase gift cards on their behalf. It’s a more sophisticated version of the traditional email phishing scam in that scammers research the name of the CEO, department head, or boss, and pretend to be them when they contact staff members.

These phishing requests can be lucrative for scammers – they generally ask the victim to purchase cards totaling $1,200 to $2,000, and then ask for the codes from the back of the cards. Once they have the codes, the money is theirs. Gift cards are liquid and hard to trace, which means you will most likely not get your money back.

Here is an example of an exchange:

– Original Message –
From: Joe Smith [mailto:exec@aol.com]
Sent: Thursday, June 23, 2019 9:23 AM
To: Jane Doe [jane@WinnipegCompany.com]
Hi Jane,
Are you in the office this morning? I need you to run an errand for me asap. I’m heading into a meeting with limited communication access, so just reply by email.
Joe
Sent from mobile device

From: Jane Doe [jane@WinnipegCompany.com]
Sent: Thursday, June 23, 2019 9:30 AM
To: Joe Smith [mailto:exec@aol.com]
Hi Joe,
Sure, what do you need?
Jane
Sent from Outlook

From: Joe Smith [mailto:exec@aol.com]
Sent: Thursday, June 23, 2019 9:35 AM
To: Jane Doe [jane@WinnipegCompany.com]
I need you to purchase 9 Google gift cards at $100 each. These are gifts for our employees, so keep it a secret. You may not be able to get them all in one store, so you’ll have to get them from different stores.
Once you have the cards, scratch the reveal card codes and email the codes to me.
How soon can you get this done? It’s urgent!
Sent from mobile device

From: Jane Doe [jane@WinnipegCompany.com]
Sent: Thursday, June 23, 2019 9:48 AM
To: Joe Smith [mailto:exec@aol.com]
Okay – I’ll do it now. Do you want me to purchase online instead?
Sent from Outlook

From: Joe Smith [mailto:exec@aol.com]
Sent: Thursday, June 23, 2019 9:52 AM
To: Jane Doe [jane@WinnipegCompany.com]
No, I need the physical gift card from the store. Again, it’s urgent.
Sent from mobile device

It’s not odd for employees to get real emails like this from the boss. As an employee, you want to help out, so you may not think to recheck the request.

What should you do before purchasing gift cards for your boss?

1. Scrutinize the email and look for red flags:

Look for uncharacteristic wording, grammar and spelling mistakes, or an email address that doesn’t match your company’s email addresses, for instance (Joe Smith [mailto:exec@aol.com] instead of [joe@WinnipegCompany.com]). Note that the scammers can sometimes also mimic email addresses correctly.

2. Contact your employer using another form of communication:

The best way is to pick up the phone and confirm the request. You can also communicate using a text message, Microsoft Teams, or start a new email with your manager to confirm whether the email is real.

What should you do as a boss to make employees aware of phishing attacks?

There are two steps you can take:

1. Email your employees when you are aware of a scam/phishing attack:

For instance:

Beware of a new email phishing attack that requests you to purchase gift cards on behalf of your manager. The email asks recipients to purchase gift cards, scratch them, and email the code numbers back to your manger. Never comply with such requests without confirming with your manager that it’s not a scam – by phone, text, or starting a new email conversation.

2. Provide employee security awareness training:

Help your employees take the right steps to ensure they and your organization are safe from phishing attacks. Contact Michael Anderson to schedule a security-awareness workshop.

If you have questions about your organization’s security, contact Michael Anderson.

And don’t be afraid to question the boss.

Michael Anderson

Michael Anderson

When it comes to IT services and solutions, it's important to have someone who not only understands the IT industry but is also passionate about helping clients achieve long-term growth using proven IT solutions. Michael, our CEO, is dedicated to assisting clients in improving their technology to gain a competitive edge in their industries. At 365 Technologies, Michael Anderson leads a team of professionals who are committed to providing exceptional IT services and solutions. With his extensive expertise and hands-on experience, Michael ensures that clients receive the best support and guidance for their IT endeavors. You can trust 365 Technologies to enhance your business systems and stay ahead in today's competitive landscape.